File wget-check-chunk-length-for-overflowing-off_t.patch of Package busybox-static.20467
From: Denys Vlasenko <vda.linux@googlemail.com> Date: Sun Apr 8 18:06:24 2018 +0200 Subject: wget: check chunk length for overflowing off_t Patch-mainline: 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e Git-repo: https://git.busybox.net/busybox Git-commit: b1a212f737c970450d37f14982a67e8637dd79bc References: function old new delta retrieve_file_data 428 465 +37 wget_main 2386 2389 +3 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 2/0 up/down: 40/0) Total: 40 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> Signed-off-by: Egbert Eich <eich@suse.de> --- networking/wget.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/networking/wget.c b/networking/wget.c index b5cf2c21f..1eb1a8294 100644 --- a/networking/wget.c +++ b/networking/wget.c @@ -908,11 +908,19 @@ static void NOINLINE retrieve_file_data(FILE *dfp) if (!G.chunked) break; - fgets_trim_sanitize(dfp, NULL); /* Eat empty line */ + /* Each chunk ends with "\r\n" - eat it */ + fgets_trim_sanitize(dfp, NULL); get_clen: + /* chunk size format is "HEXNUM[;name[=val]]\r\n" */ fgets_trim_sanitize(dfp, NULL); + errno = 0; G.content_len = STRTOOFF(G.wget_buf, NULL, 16); - /* FIXME: error check? */ + /* + * Had a bug with inputs like "ffffffff0001f400" + * smashing the heap later. Ensure >= 0. + */ + if (G.content_len < 0 || errno) + bb_error_msg_and_die("bad chunk length '%s'", G.wget_buf); if (G.content_len == 0) break; /* all done! */ G.got_clen = 1;
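Review bot: the STRTOOFF(G.wget_buf, NULL, 16) call after get_clen still passes NULL as the end pointer, so the new `G.content_len < 0 || errno` check cannot tell a chunk-size line with no hex digits from a genuine zero-length chunk. Assuming STRTOOFF behaves like the strtol family, such a line parses to 0 and reaches `if (G.content_len == 0) break; /* all done! */`, so a malformed or truncated chunk header ends the transfer as if it had completed. I'd pass an end pointer and also call bb_error_msg_and_die when it equals G.wget_buf, or when the character it stops on is neither '\0' nor ';', which is what the "HEXNUM[;name[=val]]" comment added above the call describes. The negative and errno checks themselves look right for the "ffffffff0001f400" case named in the comment.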